
TACACS+ vs. RADIUS

r-lemaster
Level 1

My textbooks don't seem to agree on this one issue. One of my textbooks says that you have to use TACACS+ for some features like cut-through proxy or virtual http, where another says you can use RADIUS for any AAA implementation.

Could someone tell me when TACACS+ is required and RADIUS is not supported? CSACS seems like an unnecessary expense when RADIUS is free.

2 Replies

gfullage
Cisco Employee

The main things Radius can't do are command authorization and accounting. This is a limitation of the Radius protocol where all authentication and authorization are combined, so there's no way to have a Radius device send off command requests after the initial user authentication has taken place.

Not sure what you mean by "virtual http", but you can certainly do it for "cut-through proxy", assuming by this you mean have the PIX authenticate users before their traffic can pass through.
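The split described in the reply above, shown as an added IOS router configuration sketch (not part of the original thread and not posted by either participant). It assumes IOS 15.x syntax; the server names `RAD1` and `TAC1`, the 192.0.2.x addresses, the key placeholders and the choice of privilege level 15 are all constructed for illustration.

```cisco
! Constructed example: addresses, names and keys are placeholders.
aaa new-model
!
radius server RAD1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <radius-shared-secret>
!
tacacs server TAC1
 address ipv4 192.0.2.20
 key <tacacs-shared-secret>
!
! Login authentication is a single request/response at session start,
! so it can be pointed at RADIUS, with the local database as fallback.
aaa authentication login default group radius local
!
! EXEC authorization rides on the same RADIUS accept as authentication
! (authorization attributes are returned together with the accept).
aaa authorization exec default group radius local
!
! Per-command authorization sends a separate request for each command
! typed after login. RADIUS has no such exchange, so this method list
! is pointed at TACACS+ (local fallback if the server is unreachable).
aaa authorization commands 15 default group tacacs+ local
!
! Per-command accounting, for the same reason, uses TACACS+.
aaa accounting commands 15 default start-stop group tacacs+
```

Keeping `local` as the last method on each list avoids locking administrators out of the device when the AAA servers are unreachable.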

Thank you for your reply. (Cut-through proxy AKA authentication proxy, AKA downloadable ACLs, depending on your reading materials). I don't know other terms for virtual http/telnet.

I was wondering if there are any specific features that Cisco requires the use of TACACS+ and RADIUS isn't supported. I'd just like to avoid the unnecessary expense if RADIUS is supported for these functions.

I'm not talking about accounting or the differences between RADIUS or TACACS+, just the general function of authentication through PIX or routers.

Man, this site is slow.